
Title page for ETD etd-03222011-103403


Type of Document Thesis
Author Redwood, William Owen
Author's Email Address redwood@cs.fsu.edu
URN etd-03222011-103403
Title APECS: A Dynamic Framework for Preventing and Mitigating Theft, Loss, and Leakage of Mission Critical Information in Trust Management Networks
Degree Master of Science
Department Computer Science, Department of
Advisory Committee
Advisor Name Title
Mike Burmester Committee Chair
Sudhir Aggarwal Committee Member
Xin Yuan Committee Member
Keywords
  • Trust Management
  • Insider Threats
Date of Defense 2010-12-08
Availability unrestricted
Abstract
Existing solutions that address data loss, theft, and corruption of information and resources in networks rely on deep content analysis and central policy management, and attempt to achieve broad content protection across multiple platforms and locations [47]. Unfortunately, these solutions are designed to protect against careless users and very unsophisticated malicious insiders. Consequently, they are trivial to defeat with simple obfuscation. This thesis outlines the flaws in existing approaches and borrows lessons and techniques from related security systems in order to propose a novel approach to policies and mechanisms that are better suited to addressing this problem. This thesis describes the design, implementation, and analysis of real-time statistical (Markov chain and Bayesian) analyzers (extending the work of [24, 14, 28, 33, 40, 55]) for network anomaly detection to trigger novel policy-based temporal resource access-disruption mechanisms (extending the work of [12, 13, 41]). These temporal resource access-disruption mechanisms (also known as Rollback-access mechanisms) dynamically mitigate the risk of security-critical file distribution by rolling back the granted access to the aforementioned files upon detecting that the user is a perceived threat. The analyzer design goals are: to minimize the consequences of anomalous behavior, to make the analyzer resist Denial of Service (DoS) attacks, to respond to anomalies in real time, and to deal with network threats without seriously disrupting services. The resultant temporal access-disruption mechanisms provide an unprecedented resilience to resource-centric attacks. Additionally, we present some experimental results, which demonstrate the potential of the aforementioned mechanism. Finally, it is important to note that while this thesis extends existing work [12, 13], it addresses only one of many aspects that are necessary to actually implement such systems.

Files
  Filename: Redwood_W_Thesis_2011.pdf
  Size: 407.15 Kb
  Approximate Download Time (Hours:Minutes:Seconds):
  • 28.8 Modem: 00:01:53
  • 56K Modem: 00:00:58
  • ISDN (64 Kb): 00:00:50
  • ISDN (128 Kb): 00:00:25
  • Higher-speed Access: 00:00:02
